F3790489
D1089.id2795.diff
No One
Temporary
Size
9 KB
Referenced Files
None
Subscribers
None
D1089.id2795.diff
diff --git a/_modules/jails.py b/_modules/jails.py
new file mode 100644
--- /dev/null
+++ b/_modules/jails.py
@@ -0,0 +1,139 @@
+# -*- coding: utf-8 -*-
+
+# -------------------------------------------------------------
+# Salt — Jails execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-21
+# Description: Functions related to FreeBSD jails
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+def _get_all_jails():
+ return __pillar__.get('jails', {})
+
+
+def _get_default_group():
+ '''
+ Gets the default group to use as key to
+ the pillar's jails dictionary.
+ '''
+ return __grains__['id']
+
+
+def list(group=None):
+ '''
+ A function to list the jails for the specified group.
+
+ CLI Example::
+
+ salt '*' jails.list
+ '''
+ all_jails = _get_all_jails()
+
+ if group is None:
+ group = _get_default_group()
+
+ if group in all_jails:
+ return all_jails[group]
+
+ return []
+
+
+def flatlist(group=None):
+ '''
+ A function to list the jails for the specified group.
+
+ Output is a string, ready to pass to jail_list in rc.
+
+ CLI Example::
+
+ salt-call --local jails.list ysul
+ '''
+ return " ".join(list(group))
+
+
+def _get_hardware_network_interfaces():
+ return [interface for interface in __grains__['hwaddr_interfaces']]
+
+
+def _get_ipv6_network_interfaces():
+ return [interface for interface in __grains__['ip6_interfaces']]
+
+
+def guess_ipv4_network_interface():
+ '''
+ A function tu guess to what network interface bind the
+ public IPv4 jail IP.
+ '''
+ interfaces = _get_hardware_network_interfaces()
+
+ if len(interfaces) < 1:
+ raise "No network interface detected."
+
+ # Nasqueron convention assigns the ICANNn network
+ # to the first card.
+ return interfaces[0]
+
+
+def guess_ipv6_network_interface():
+ '''
+ A function tu guess to what network interface bind the
+ public IPv4 jail IP.
+ '''
+ interfaces = _get_ipv6_network_interfaces()
+
+ for interface in interfaces:
+ ips = __grains__['ip6_interfaces'][interface]
+
+ # We want an interface with IPv6
+ if len(ips) < 1:
+ continue
+
+ # Ignore local loopback
+ if interface.startswith("lo"):
+ continue
+
+ return interface
+
+ raise "No network interface detected."
+
+ # Nasqueron convention assigns the ICANNn network
+ # to the first card.
+ return interfaces[0]
+
+
+def get_jail(jailname, group=None):
+ '''
+ A function to get a jail pillar configuration
+
+ CLI Example::
+
+ salt-call --local jails.list mumble ysul
+ '''
+ if group is None:
+ group = _get_default_group()
+
+ all_jails = _get_all_jails()
+ return all_jails[group][jailname]
+
+
+def get_ezjail_ips_parameter(jailname, group=None):
+ '''
+ A function to get the parameters to describe the jail
+ IP configuration to `ezjail-admin create` command.
+
+ CLI Example::
+
+ salt * jails.get_ezjail_ips_parameter ftp
+ '''
+ jail = get_jail(jailname, group)
+
+ config = [
+ ["lo1", jail['lo']],
+ [guess_ipv4_network_interface(), jail['ipv4']],
+ [guess_ipv6_network_interface(), jail['ipv6']]
+ ]
+
+ return ",".join(["|".join(interface) for interface in config])
diff --git a/pillar/paas-jails/jails.sls b/pillar/paas-jails/jails.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas-jails/jails.sls
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+jails:
+ ysul:
+ ftp:
+ lo: 127.0.2.1
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:1
+ mumble:
+ lo: 127.0.2.2
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:1
+ # Test jail
+ tonderon:
+ lo: 127.0.2.3
+ ipv4: 212.83.187.132
+ ipv6: 2001:470:1f13:9e1:0:c0ff:ee:7
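Review bot: The `ftp` and `mumble` entries carry the same `ipv6` value (`2001:470:1f13:9e1:0:c0ff:ee:1`), while `tonderon` has its own address ending in `:7`, so the `mumble` value looks like a copy-paste leftover. All three jails also share one `ipv4`, which is presumably the host's single public address. If sharing the IPv6 address is intended, a comment such as `# mumble shares the ftp IPv6 address on purpose` would make that clear; otherwise each jail should get a distinct address so that services in different jails are not reachable on the same one.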
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -12,6 +12,7 @@
- certificates.certificates
- nodes.nodes
ysul:
+ - paas-jails.jails
- webserver-legacy.sites
eglide:
- users.revokedusers
diff --git a/roles/paas-jails/init.sls b/roles/paas-jails/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-jails/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Notes: FreeBSD-only role
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .jails
diff --git a/roles/paas-jails/jails/files/ezjail.rc b/roles/paas-jails/jails/files/ezjail.rc
new file mode 100644
--- /dev/null
+++ b/roles/paas-jails/jails/files/ezjail.rc
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/ezjail.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+ezjail_enable="YES"
diff --git a/roles/paas-jails/jails/files/jail.rc b/roles/paas-jails/jails/files/jail.rc
new file mode 100644
--- /dev/null
+++ b/roles/paas-jails/jails/files/jail.rc
@@ -0,0 +1,22 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/jail.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Enable the jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ezjail_enable="YES"
+
+jail_list="{{ jails }}"
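Review bot: `ezjail_enable="YES"` here repeats what ezjail.rc already sets. This template is deployed to /etc/rc.conf.d/jail under the heading "Enable the jails", so `jail_enable="YES"` was presumably intended; worth confirming against how ezjail starts the jails on this host. Separately, `jail_list="{{ jails }}"` lands in a file that rc sources as shell, so the rendered value should be limited to safe jail names. The execution module could reject any name that is not made of letters, digits, `_` and `-` before it is joined into the list.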
diff --git a/roles/paas-jails/jails/files/netif.rc b/roles/paas-jails/jails/files/netif.rc
new file mode 100644
--- /dev/null
+++ b/roles/paas-jails/jails/files/netif.rc
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Jails - rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-jails/jails/files/netif.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Jail network
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+cloned_interfaces="lo1"
diff --git a/roles/paas-jails/jails/init.sls b/roles/paas-jails/jails/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-jails/jails/init.sls
@@ -0,0 +1,54 @@
+# -------------------------------------------------------------
+# Salt — Jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Notes: FreeBSD-only unit
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Software to manage jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ezjail:
+ pkg.installed
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+jails_rc_jail:
+ file.managed:
+ - name: /etc/rc.conf.d/jail
+ - source: salt://roles/paas-jails/jails/files/jail.rc
+ - template: jinja
+ - context:
+ jails: {{ salt['jails.flatlist']() }}
+
+jails_rc_netif:
+ file.managed:
+ - name: /etc/rc.conf.d/netif
+ - source: salt://roles/paas-jails/jails/files/netif.rc
+
+jails_rc_ezjail:
+ file.managed:
+ - name: /etc/rc.conf.d/ezjail
+ - source: salt://roles/paas-jails/jails/files/ezjail.rc
+
+# -------------------------------------------------------------
+# Build jails
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+generate_basejail:
+ cmd.run:
+ - name: ezjail-admin install -p
+ - creates: /usr/jails/basejail
+
+{% for jail in salt['jails.list']() %}
+{% set ips = salt['jails.get_ezjail_ips_parameter'](jail) %}
+generate_jail_{{ jail }}:
+ cmd.run:
+ - name: ezjail-admin create {{ jail }} {{ ips | yaml_encode }}
+ - creates: /usr/jails/{{ jail }}
+{% endfor %}
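Review bot: In `generate_jail_{{ jail }}`, the command line is built from pillar values with `yaml_encode`, which gives YAML quoting rather than shell quoting, and `{{ jail }}` is inserted unquoted in both `name` and `creates`. Pillar data is operator-controlled, but a name or address containing whitespace, `$` or a backtick would still change what the shell runs, typically as root. Consider `- name: ezjail-admin create {{ jail | quote }} {{ ips | quote }}` (Salt's `quote` Jinja filter, if the deployed version provides it), together with validating names and addresses in _modules/jails.py before they reach this state. Also, `jails: {{ salt['jails.flatlist']() }}` renders an empty YAML value when no jail is defined, which would probably end up as `jail_list="None"`; wrapping the expression in double quotes avoids that.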
diff --git a/top.sls b/top.sls
--- a/top.sls
+++ b/top.sls
@@ -18,6 +18,7 @@
'local':
- roles/saltmaster
'ysul.nasqueron.org':
+ - roles/paas-jails
- roles/webserver-legacy
- roles/webserver-varnish
'dwellers.nasqueron.org':
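Review bot: The role is attached to `'ysul.nasqueron.org'` here, whereas pillar/top.sls targets `ysul` and the jails pillar is keyed by `ysul`. `_get_default_group()` in _modules/jails.py returns `__grains__['id']`, so if the minion id is the FQDN used in this file, `jails.list()` finds no matching key and returns `[]`. The state would then apply without creating any jail and without reporting an error. Worth confirming which form the minion id takes, and adding a comment next to the pillar data such as `# Keys under jails: must equal the minion id (see jails._get_default_group)`.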
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, Nov 28, 05:40 (20 h, 54 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2268282
Default Alt Text
D1089.id2795.diff (9 KB)
Attached To
Mode
D1089: Provision jails
Attached